'CORS on flask - uwsgi - nginx stack

I am running a flask app behind nginx/uwsgi. I am facing CORS issues when uploading files btw the upload limit in nginx is set to 30M and the same is uwsgi and I'm only uploading 2M of files, and I allowed all CORS origins. I've tried everything but to no avail, the request succeeds when I run it directly from an interactive python session. I have an endpoint /result

@app.route('/result', methods = ['GET',  'POST'])
@token_required
def result(user : User):
    if request.method == "GET":
        d = request.args 
        # do stuff
        return jsonify({'success': False, 'msg': 'Unable to fullfill request' }), 201 
    else:
         # do stuff
        return jsonify({'success' : False, 'msg': 'Missing Fields'}), 201

here are the uwsgi logs

[pid: 8615|app: 0|req: 1/1] xxx.xx.xxx.xxx () {52 vars in 820 bytes} [Fri Apr 22 18:33:08 2022] OPTIONS /jwt => generated 0 bytes in 4 msecs (HTTP/2.0 200) 8 headers in 340 bytes (1 switches on core 0)
[pid: 8615|app: 0|req: 2/2] xxx.xx.xxx.xxx () {52 vars in 840 bytes} [Fri Apr 22 18:33:08 2022] OPTIONS /notifications => generated 0 bytes in 0 msecs (HTTP/2.0 200) 8 headers in 340 bytes (1 switches on core 0)
[pid: 8614|app: 0|req: 1/3] xxx.xx.xxx.xxx () {52 vars in 826 bytes} [Fri Apr 22 18:33:08 2022] OPTIONS /result => generated 0 bytes in 4 msecs (HTTP/2.0 200) 8 headers in 346 bytes (1 switches on core 0)
[pid: 8615|app: 0|req: 3/4] xxx.xx.xxx.xxx () {52 vars in 820 bytes} [Fri Apr 22 18:33:08 2022] OPTIONS /jwt => generated 0 bytes in 1 msecs (HTTP/2.0 200) 8 headers in 340 bytes (1 switches on core 0)
[pid: 8615|app: 0|req: 4/5] xxx.xx.xxx.xxx () {52 vars in 840 bytes} [Fri Apr 22 18:33:08 2022] OPTIONS /notifications => generated 0 bytes in 0 msecs (HTTP/2.0 200) 8 headers in 340 bytes (1 switches on core 0)
[pid: 8617|app: 0|req: 1/6] xxx.xx.xxx.xxx () {52 vars in 945 bytes} [Fri Apr 22 18:33:08 2022] GET /jwt => generated 22 bytes in 14 msecs (HTTP/2.0 201) 5 headers in 190 bytes (1 switches on core 0)
[pid: 8615|app: 0|req: 5/7] xxx.xx.xxx.xxx () {52 vars in 951 bytes} [Fri Apr 22 18:33:08 2022] GET /result => generated 274 bytes in 14 msecs (HTTP/2.0 201) 5 headers in 191 bytes (1 switches on core 0)
[pid: 8613|app: 0|req: 1/8] xxx.xx.xxx.xxx () {52 vars in 965 bytes} [Fri Apr 22 18:33:08 2022] GET /notifications => generated 19973 bytes in 25 msecs (HTTP/2.0 201) 5 headers in 193 bytes (2 switches on core 0)
[pid: 8614|app: 0|req: 2/9] xxx.xx.xxx.xxx () {52 vars in 945 bytes} [Fri Apr 22 18:33:08 2022] GET /jwt => generated 22 bytes in 7 msecs (HTTP/2.0 201) 5 headers in 190 bytes (1 switches on core 0)
[pid: 8614|app: 0|req: 3/10] xxx.xx.xxx.xxx () {52 vars in 965 bytes} [Fri Apr 22 18:33:08 2022] GET /notifications => generated 19973 bytes in 10 msecs (HTTP/2.0 201) 5 headers in 193 bytes (1 switches on core 0)
[pid: 8614|app: 0|req: 4/11] xxx.xx.xxx.xxx () {52 vars in 827 bytes} [Fri Apr 22 18:33:18 2022] OPTIONS /result => generated 0 bytes in 1 msecs (HTTP/2.0 200) 8 headers in 346 bytes (0 switches on core 0)

Chrome OPTIONS response

access-control-allow-headers: authorization
access-control-allow-methods: DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT
access-control-allow-origin: https://example.com
access-control-expose-headers: Content-Disposition
allow: OPTIONS, HEAD, POST, GET
content-length: 0
content-type: text/html; charset=utf-8
date: Fri, 22 Apr 2022 18:33:18 GMT
server: nginx/1.20.0
vary: Origin

Chrome Console error

Access to XMLHttpRequest at 'https://api.example.com/result' from origin 'https://example.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

the error is quite funny because the OPTIONS response has the 'Access-Control-Allow-Origin' header.

nginxflaskcorsuwsgi


Solution 1:[1]

When I was setting up uwsgi I had to change nginx's user group. when I check the nginx error logs at /var/log/nginx/error.log I noticed that there was a permissions issue. I solved this by changing the user group of

sudo chgrp www-data /var/lib/nginx/tmp/ /var/lib/nginx/ /var/lib/nginx/tmp/client_body/

Still can't explain why plain python requests query from my pc was not causing the same issue.

PS

Whenever nginx will face an error and returns a response to the browser you will see the cors thing in the console logs. so always take that with a grain of salt especially if you already set the cors headers from flask side correctly.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Abdessabour Mtk

Related Questions

Nginx getting the event "ngx_master_****" was not signaled for 5s

Valid characters in nginx upstream name

Nginx proxy_pass with $remote_addr

Nginx the event was not signaled for 5s

how to serve static files through nginx and django in windows

The Streamlit app stops with "Please wait... " and then stops

The Streamlit app stops with "Please wait... " and then stops

Express and nginx net::ERR_CONTENT_LENGTH_MISMATCH

Express and nginx net::ERR_CONTENT_LENGTH_MISMATCH

Locate the nginx.conf file my nginx is actually using

Angular SPA with Custom --base-href and Nginx Routing

What does "trust proxy" actually do in express.js, and do I need to use it?

Nginx ingress controller not giving metrics for prometheus

(13: Permission denied) while connecting to upstream:[nginx]

Ubuntu Nginx/Laravel 500 Internal Server Error